Two and a half years ago we wrote a background article on ‘the future of the password’ on Tweakers. If you search a little further on the internet, you can read much further back on that subject. Bill Gates predicted the end of the password in 2004; he thought it would become obsolete in the future. Not much seems to have changed since then. There are still data breaches every day and the number of passwords we need is increasing rather than decreasing. Recently, Google, Apple and Microsoft took a major step to eliminate passwords from Chrome, Android, iOS and Windows. With this, the companies seem to have finally opted for a specific method of passwordless login: FIDO2 and WebAuthn. It was a long drive to get there and certainly not a matter of course. The big question now becomes what the plans of the tech companies will look like. Are they really going to make the password superfluous now?
Problem with passwords
Why do we actually want to get rid of the password? Basically, authentication with a username and password combination works quite well, at least from a user perspective. As a user you only have to remember two things and that is quite easy to do. That changes when you need passwords for various services. Then it becomes more difficult to remember them and attackers can steal them more easily or retrieve them automatically. As Mark Rishner previously explained to Tweakers, “Passwords are hard for users and easy for attackers.” Ideal, he says, is an alternative that not only makes remembering passwords superfluous, but also the passwords themselves.